refactor: Bump yaml from 1.10.0 to 2.7.1 #2786

Merged
merged 1 commit into from
May 5, 2025

Conversation

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github May 5, 2025

Bumps yaml from 1.10.0 to 2.7.1.

Release notes

Sourced from yaml's releases.

v2.7.1

  • Do not allow seq with single-line collection value on same line with map key (#603)
  • Improve warning & avoid TypeError on bad YAML 1.1 nodes (#610)

v2.7.0

The library is now available on JSR as @eemeli/yaml and on deno.land/x as yaml. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.

  • Use .ts extension in all relative imports (#591)
  • Ignore newline after block seq indicator as space before value (#590)
  • Require Node.js 14.18 or later (was 14.6) (#598)

v2.6.1

  • Do not strip :00 seconds from !!timestamp values (#578, with thanks to @qraynaud)
  • Tighten regexp for JSON !!bool (#587, with thanks to @vra5107)
  • Default to literal block scalar if folded would overflow (#585)

v2.6.0

  • Use a proper tag for !!merge << keys (#580)
  • Add stringKeys parse option (#581)
  • Stringify a Document as a Document (#576)
  • Add sponsorship by Manifest

v2.5.1

  • Include range in flow sequence pair maps (#573)

v2.5.0

  • Add --indent option to CLI tool (#559, with thanks to @danielbayley)
  • Require newline in all cases for props on block sequence (#557)
  • Always reset indentation in lexer on ... (#558)
  • Ignore minContentWidth if greater than lineWidth (#562)
  • Drop unused Collection.maxFlowStringSingleLineLength (#522, #421)

v2.4.5

  • Improve tab handling (#553, yaml-test-suite tests DK95 & Y79Y)

v2.4.4

With special thanks to @RedCMD for finding and reporting all of the following:

  • Allow comment after top-level block scalar with explicit indent indicator (#547)
  • Allow tab as indent for line comments before nodes (#548)
  • Do not allow tab before block collection (#549)
  • In flow collections, allow []{} immediately after : with plain key (#550)
  • Require indentation for ? explicit-key contents (#551)
  • Require indentation from block scalar header & flow collections in mapping values (#553)

v2.4.3

  • Improve error when parsing a non-string value (#459)
  • Do not parse -.NaN or +.nan as NaN (#546)
  • Support # within %TAG prefixes with trailing #comments
  • Check for non-node complex keys when stringifying with simpleKeys (#541)

... (truncated)

Commits
  • a141bc0 2.7.1
  • a880b42 fix: Do not allow seq with single-line collection value on same line with map...
  • 923d67b test: Add test for tab after indent spaces for flow-in-block (#604)
  • 7cf843c test: Add descriptive names to tests with issue references
  • 9cf06d2 fix: Improve warning & avoid TypeError on bad YAML 1.1 nodes (fixes #610)
  • 50cf76b chore: Update docs-slate to skip its CI tests
  • 3b2362a docs: Add install option deno add jsr:@eemeli/yaml
  • 83cb780 chore: Update docs to use Slate 2.13.1
  • 9b02456 chore: Fix JSR version
  • 8f512b5 2.7.0
  • Additional commits viewable in compare view

Summary by CodeRabbit

  • Chores
    • Updated the "yaml" package to a newer version for development.

@dependabot dependabot bot added the dependencies (Bot label; pull requests that updates a dependency file) and javascript (Pull requests that update javascript code) labels May 5, 2025

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title from "refactor: bump yaml from 1.10.0 to 2.7.1" to "refactor: Bump yaml from 1.10.0 to 2.7.1" May 5, 2025

coderabbitai bot commented May 5, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

The "yaml" package listed under devDependencies in package.json was updated from version 1.10.0 to 2.7.1. No other modifications were made to dependencies or configuration files.

Changes

| File | Change Summary |
|------|----------------|
| package.json | Updated "yaml" devDependency from version 1.10.0 to 2.7.1. |

@parseplatformorg
Contributor

parseplatformorg commented May 5, 2025

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

uffizzi-cloud bot commented May 5, 2025

Uffizzi Ephemeral Environment deployment-63417

⌚ Updated May 05, 2025, 08:03 UTC

☁️ https://app.uffizzi.com/github.com/parse-community/parse-dashboard/pull/2786

Bumps [yaml](https://github.com/eemeli/yaml) from 1.10.0 to 2.7.1.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v1.10.0...v2.7.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 2.7.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/yaml-2.7.1 branch from 5e5ba53 to a4b8473 Compare May 5, 2025 08:03
@mtrezza
Member

mtrezza commented May 5, 2025

@coderabbitai Does this upgrade require any code changes?

@mtrezza
Member

mtrezza commented May 5, 2025

@coderabbitai review

coderabbitai bot commented May 5, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@parse-community parse-community deleted a comment from coderabbitai bot May 5, 2025
@mtrezza
Member

mtrezza commented May 5, 2025

@coderabbitai Will this upgrade require any code changes?

coderabbitai bot commented May 5, 2025

🧩 Analysis chain

Now I need to research the breaking changes between yaml 1.10.0 and 2.7.1.


🏁 Script executed:

#!/bin/bash
# Find all files that import or require the "yaml" package
# (ripgrep's js and ts types already cover .jsx and .tsx; "jsx" and "tsx" are not type names)
echo "Searching for imports/requires of the yaml package..."
rg -l "require\(['\"]yaml['\"]|import.*from ['\"]yaml['\"]" --type js --type ts

# Search for any usage of yaml modules/functions in the codebase
echo -e "\nSearching for yaml package usage patterns..."
rg "yaml\." --type js --type ts

# Check the context of yaml usage more broadly
echo -e "\nSearching for any yaml string matches to capture alternative import patterns..."
rg "yaml" --type js --type ts

Length of output: 700


🌐 Web query:

yaml npm package breaking changes from 1.10.0 to 2.7.1

💡 Result:

Breaking Changes in the yaml NPM Package: 1.10.0 to 2.7.1

The yaml NPM package underwent significant changes between versions 1.10.0 and 2.7.1, with the most noteworthy update being the jump from the 1.x series to the semver-major 2.x series. Below is a summary of the key breaking changes and considerations based on available information.

Major Version Change: 1.x to 2.x

  • The move from version 1.x (including 1.10.0) to 2.x (up through 2.7.1) is a semver-major change, indicating the presence of breaking changes in the public API or documented endpoints[1].
  • Any change breaking documented endpoints or APIs is explicitly considered a major (breaking) change in this package’s versioning policy[1].
  • Users should not expect undocumented internals or deprecations to remain stable across minor versions, but removal of previous APIs only happens in major versions[1].

Key Breaking Changes and Considerations

  • API Changes: If your code depends on the documented API of [email protected], you should review migration notes and documentation for [email protected], as major version bumps may include renamed, removed, or restructured methods and options[1].
  • TypeScript Support: The minimum supported TypeScript version in the v2 series is 3.9. This requirement may change in any minor release, and earlier TypeScript versions may require configuration adjustments (e.g., skipLibCheck: true)[1].
  • Internal Deprecations: Some APIs may have been deprecated in v1 and removed or further deprecated in v2. You should check if any APIs you use were marked as deprecated in v1 as they may no longer exist in v2.
  • Behavioral Changes: Minor behavioral differences may exist, such as:
    • Parsing edge cases and error handling have become stricter or more standards-compliant[5].
    • Handling of whitespace in comments and blank lines was changed for better standards conformance[5].
  • Documentation: Documentation for v1 is available at the old source and documentation site (eemeli.org/yaml/v1); v2 documentation is at the main site[1].

How to Migrate

  • Review the official migration and upgrade documentation provided for v2[1].
  • Test your codebase extensively after upgrading, as subtle differences in parsing or stringification may cause issues in previously-valid YAML documents or expected outputs.

Summary Table of Most Notable Breaking Changes

| Area | From (v1.10.0) | To (v2.7.1) | Notes |
|------|----------------|-------------|-------|
| Minimum TypeScript | Not enforced | 3.9 | May require config change |
| API Stability | 1.x API | 2.x API; breaking changes | Check migration docs |
| Comment Handling | Lenient whitespace | Stricter YAML compliance | Affects comment parsing |
| Documentation URL | /yaml/v1 | /yaml (default) | New docs for v2 |

For a complete and detailed list of changes, consult the [official documentation for v2 and the v1-to-v2 migration resources][1].


References:

  • For full documentation and migration information, see the project documentation: eemeli.org/yaml[1].
  • Compare code changes and diffs for specific API or parser behavior changes (e.g., comment whitespace handling)[5].

Recommendation: Always review the migration guide when performing a semver-major upgrade, especially with a parsing or serialization library as foundational as yaml.

Citations:


🏁 Script executed:

#!/bin/bash
# Let's try a broader search without file type restrictions
echo "Searching for yaml imports/requires more broadly..."
rg -l "require\(['\"]yaml['\"]|import.*from ['\"]yaml['\"]"

# Look for yaml usage in package.json scripts
echo -e "\nChecking package.json scripts for yaml usage..."
cat package.json | grep -i yaml

# Check if there are any files with .yaml or .yml extensions that might be using this package
echo -e "\nLooking for yaml or yml files in the repository..."
find . -name "*.yaml" -o -name "*.yml" | grep -v "node_modules"

# Search for yaml in build or configuration files
echo -e "\nSearching for yaml in build or config files..."
rg "yaml" --type json --type md --type txt

Length of output: 1931


🏁 Script executed:

#!/bin/bash
# Let's check the content of ci/CiVersionCheck.js to see how yaml is used
echo "Examining ci/CiVersionCheck.js - the only file that imports yaml..."
cat ci/CiVersionCheck.js

Length of output: 10474


@mtrezza Based on my analysis, this upgrade should require minimal to no code changes. I found that:

  1. The yaml package is only used in one file: ci/CiVersionCheck.js
  2. It's only used for a single purpose: parsing YAML files with yaml.parse()
  3. While there are breaking changes between yaml 1.x and 2.x series, the simple parsing usage in this file should continue to work

Since this is a devDependency only used in CI scripts, the impact is limited to development workflows rather than production code. I recommend running the CI scripts that use this dependency after the upgrade to verify everything works as expected.

The main difference could be slightly stricter YAML parsing in the newer version, but this is unlikely to cause issues with well-formed GitHub workflow YAML files.

(_/)
(•ᴥ•)
/ >📦
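
The usage inventory that the analysis above rests on (which files import yaml and which of its members they call), as an added example that is not part of this PR or the project's code. It goes beyond the single `yaml.parse()` case to destructured and ES-module imports; the file names and contents in `SAMPLE_FILES` are constructed.

```javascript
// Added example (not the project's code): list which members of a package a codebase
// uses, so a semver-major bump can be reviewed against them. SAMPLE_FILES is constructed.
const SAMPLE_FILES = {
  'ci/check.js': "const yaml = require('yaml');\n" +
    "const doc = yaml.parse(require('fs').readFileSync('w.yml', 'utf8'));\n",
  'src/render.js': "import { parseDocument as pd, stringify } from 'yaml';\n" +
    "export const out = stringify(pd('a: 1').toJS());\n",
  'src/unrelated.js': "const label = 'yaml.parse is not called here';\n", // no import
};

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
const ID = '[A-Za-z_$][\\w$]*';

// Returns { imported, members } for one source text. Regex-based, so it can
// over-report (e.g. matches inside comments) but needs no parser dependency.
function findPackageUsage(source, pkg) {
  const from = `['"]${escapeRe(pkg)}['"]`;
  const req = `require\\(\\s*${from}\\s*\\)`;
  const members = new Set();
  const namespaces = [];
  // const x = require('pkg') | import x from 'pkg' | import * as x from 'pkg'
  const nsRe = new RegExp(
    `(?:const|let|var)\\s+(${ID})\\s*=\\s*${req}` +
    `|import\\s+(?:\\*\\s+as\\s+)?(${ID})\\s+from\\s+${from}`, 'g');
  for (const m of source.matchAll(nsRe)) namespaces.push(m[1] || m[2]);
  // const { a, b: c } = require('pkg') | import { a, b as c } from 'pkg'
  const namedRe = new RegExp(
    `(?:const|let|var)\\s*\\{([^}]*)\\}\\s*=\\s*${req}` +
    `|import\\s*\\{([^}]*)\\}\\s*from\\s*${from}`, 'g');
  for (const m of source.matchAll(namedRe)) {
    for (const part of (m[1] ?? m[2]).split(',')) {
      const name = part.trim().split(/\s+as\s+|\s*:\s*/)[0];
      if (name) members.add(name);
    }
  }
  // Property accesses on each namespace binding, e.g. yaml.parse(...)
  for (const ns of namespaces) {
    const useRe = new RegExp(`(?<![\\w$.])${escapeRe(ns)}\\.(${ID})`, 'g');
    for (const m of source.matchAll(useRe)) members.add(m[1]);
  }
  const imported = namespaces.length > 0 || members.size > 0;
  return { imported, members: [...members].sort() };
}

// Maps each importing file to the sorted list of package members it uses.
function inventory(files, pkg) {
  const report = {};
  for (const [path, source] of Object.entries(files)) {
    const { imported, members } = findPackageUsage(source, pkg);
    if (imported) report[path] = members;
  }
  return report;
}
console.log(inventory(SAMPLE_FILES, 'yaml'));
```

Unlike a plain search for `yaml.`, this only counts accesses on a binding that was actually imported from the package, so the string in `src/unrelated.js` is not reported.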

@mtrezza mtrezza merged commit 3f10ef4 into alpha May 5, 2025
9 of 11 checks passed
@mtrezza mtrezza deleted the dependabot/npm_and_yarn/yaml-2.7.1 branch May 5, 2025 20:51
@parseplatformorg
Contributor

🎉 This change has been released in version 7.2.0-alpha.1

@parseplatformorg parseplatformorg added the state:released-alpha (Released as alpha version) label May 6, 2025
@parseplatformorg
Contributor

🎉 This change has been released in version 7.2.0

@parseplatformorg parseplatformorg added the state:released (Released as stable version) label Jun 1, 2025